CVE-2023-45859

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.

CVSS

No CVSS.

References

Link	Resource
https://github.com/hazelcast/hazelcast/pull/25509	Patch
https://github.com/hazelcast/hazelcast/pull/25509	Patch
https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66	Vendor Advisory
https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hazelcast:hazelcast::::::::
	cpe:2.3:a:hazelcast:hazelcast::::::::
	cpe:2.3:a:hazelcast:hazelcast::::::::
	cpe:2.3:a:hazelcast:hazelcast::::::::
	cpe:2.3:a:hazelcast:hazelcast::::::::
	cpe:2.3:a:hazelcast:hazelcast::::::::

History

13 May 2025, 14:52

Type	Values Removed	Values Added
References	~~() https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66 -~~	() https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66 - Vendor Advisory
References	~~() https://github.com/hazelcast/hazelcast/pull/25509 -~~	() https://github.com/hazelcast/hazelcast/pull/25509 - Patch
First Time		Hazelcast hazelcast Hazelcast
CPE		cpe:2.3:a:hazelcast:hazelcast::::::::

28 Feb 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-28 22:15

Updated : 2025-05-13 14:52

NVD link : CVE-2023-45859

Mitre link : CVE-2023-45859

JSON object : View

Products Affected

hazelcast

hazelcast

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/hazelcast/hazelcast/pull/25509", "name": "https://github.com/hazelcast/hazelcast/pull/25509", "tags": ["Patch"], "refsource": ""}, {"url": "https://github.com/hazelcast/hazelcast/pull/25509", "name": "https://github.com/hazelcast/hazelcast/pull/25509", "tags": ["Patch"], "refsource": ""}, {"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66", "name": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66", "name": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-45859", "ASSIGNER": "cve@mitre.org"}}, "impact": {}, "publishedDate": "2024-02-28T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.2.5", "versionStartIncluding": "5.2.0"}, {"cpe23Uri": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.3.5", "versionStartIncluding": "5.3.0"}, {"cpe23Uri": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.1.10"}, {"cpe23Uri": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.2.8", "versionStartIncluding": "4.2.0"}, {"cpe23Uri": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.0.5", "versionStartIncluding": "5.0.0"}, {"cpe23Uri": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.1.7", "versionStartIncluding": "5.1.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-05-13T14:52Z"}